Chivers, Howard Robert orcid.org/0000-0001-7057-9650 (2016) Control Consistency as a Management Tool: The Identification of Systematic Security Control Weaknesses in Air Traffic Management. International Journal of Critical Computer-Based Systems. ISSN 1757-8787
Abstract
In 2008 EUROCONTROL published Information and Communications Technology (ICT) Security Guidance to Air Navigation Service Providers (ANSPs), to assist them in complying with regulatory security requirements. This included a visualisation tool which allowed the consistency of control sets to be reviewed and communicated: consistency being the degree to which more sophisticated controls were supported by core controls. The validation of that guidance included surveys which were conducted to contrast current practice in European ANSPs with a baseline control set based on ISO/IEC 27001:2005. The consistency test revealed significant gaps in the control strategies of these organisations: despite relatively sophisticated control regimes there were areas which lacked core controls. Key missing elements identified in the ANSPs surveyed include security management and senior management engagement, system accreditation, the validation and authentication of data used by ATM systems, incident management, and business continuity preparedness. Since anonymity requires that little can be said about the original surveys these results are necessarily indicative, so the paper contrasts these findings with contemporaneous literature, including audit reports on security in US ATM systems. The two sources prove to be in close agreement, confirming the value of the control consistency view in providing an overview of an organisation's security control regime.
Metadata
Item Type: | Article |
---|---|
Authors/Creators: | |
Copyright, Publisher and Additional Information: | © 2016 Inderscience Enterprises Ltd. This is an author-produced version of the published paper. Uploaded in accordance with the publisher’s self-archiving policy. Further copying may not be permitted; contact the publisher for details |
Dates: | |
Institution: | The University of York |
Academic Units: | The University of York > Faculty of Sciences (York) > Computer Science (York) |
Depositing User: | Pure (York) |
Date Deposited: | 21 Dec 2016 15:25 |
Last Modified: | 27 Nov 2024 00:27 |
Published Version: | https://doi.org/10.1504/IJCCBS.2016.079079 |
Status: | Published |
Refereed: | Yes |
Identification Number: | 10.1504/IJCCBS.2016.079079 |
Open Archives Initiative ID (OAI ID): | oai:eprints.whiterose.ac.uk:109818 |
Download
Filename: Control_consitency_in_ATM_authorFinalVersion.pdf
Description: Control consitency in ATM authorFinalVersion